From 775f23e5ea17874cd24ce265171f6bdf2b1b942c Mon Sep 17 00:00:00 2001
From: Sacha Chua
Date: Fri, 17 Jan 2025 15:22:21 -0500
Subject: update upload
---
 roles/upload/tasks/main.yml | 38 ++++++++++++++++++++++++++
 roles/upload/templates/index.html | 7 +++++
 roles/upload/templates/nginx-site-config | 46 ++++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+)
 create mode 100644 roles/upload/templates/index.html
 create mode 100644 roles/upload/templates/nginx-site-config
diff --git a/roles/upload/tasks/main.yml b/roles/upload/tasks/main.yml
index ca87a1c..b63e3f1 100644
--- a/roles/upload/tasks/main.yml
+++ b/roles/upload/tasks/main.yml
@@ -21,6 +21,14 @@
 name:
 - nodejs
 state: present
+- name: Add to dehydrated.conf
+ become: true
+ lineinfile:
+ line: "{{ upload_server_name }}"
+ path: /etc/dehydrated/domains.txt
+- name: Create or renew cert
+ command: "dehydrated --cron"
+ become: true
 - name: Create upload user
 become: true
 user:
@@ -99,6 +107,19 @@
 owner: "{{ upload_user }}"
 group: "{{ upload_group }}"
 recurse: true
+- name: Create backup dir to use when the conference is done
+ file:
+ path: "{{ upload_done_dir }}"
+ owner: "{{ upload_user }}"
+ group: "{{ upload_group }}"
+ state: directory
+- name: Create backup file to use when the conference is done
+ template:
+ src: index.html
+ owner: "{{ upload_user }}"
+ group: "{{ upload_group }}"
+ mode: 0755
+ dest: "{{ upload_done_dir }}/index.html"
 - name: Install systemd configuration
 tags: system
 become: true
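Review bot: The `Create or renew cert` task in roles/upload/tasks/main.yml runs `dehydrated --cron` unconditionally on every play, and it sits before the tasks later in this file that install the port-80 server block for `{{ upload_server_name }}`. On a fresh host the challenge may therefore have nothing answering it (assuming HTTP-01 via the `well-known-acme-challenge` snippet and no other vhost already serving that path), and repeated failed runs count against the CA's rate limits. The 443 block added by this commit also references certificate files that only exist once this task has succeeded, so a failed issuance can make the later nginx reload fail too. Consider adding `register: upload_domain` to the `lineinfile` task and `when: upload_domain.changed` to the command, or moving the command to a handler, so that issuance is attempted only when the domain list actually changes.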
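Review bot: `mode: 0755` on `Create backup file to use when the conference is done` marks a static `index.html` as executable and is written as a bare octal. `mode: "0644"` is enough for a file nginx only reads, and quoting keeps the value out of YAML integer parsing. `Create backup dir to use when the conference is done` sets no mode, so the directory permissions depend on the umask; an explicit `mode: "0755"` there makes them deterministic. Both tasks set owner and group without `become: true`, unlike the neighbouring tasks, so they probably fail unless the play already escalates. The same applies to `Create main configuration if needed` and `Make sure main configuration is enabled` in the next hunk of this file.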
@@ -109,6 +130,23 @@
 group: root
 mode: 0755
 when: not use_initd
+- name: Create main configuration if needed
+ template:
+ src: nginx-site-config
+ dest: /etc/nginx/sites-available/{{ upload_server_name }}
+- name: Make sure main configuration is enabled
+ file:
+ src: /etc/nginx/sites-available/{{ upload_server_name }}
+ dest: /etc/nginx/sites-enabled/{{ upload_server_name }}
+ owner: "{{ emacsconf_user }}"
+ group: "{{ emacsconf_group }}"
+ force: no
+ state: link
+- name: Reload configuration
+ become: true
+ service:
+ name: nginx
+ state: reloaded
 - name: Restart Upload
 become: true
 when: upload_enabled
diff --git a/roles/upload/templates/index.html b/roles/upload/templates/index.html
new file mode 100644
index 0000000..e5d8e6e
--- /dev/null
+++ b/roles/upload/templates/index.html
@@ -0,0 +1,7 @@
+
+
+
+
+ EmacsConf is done for now, so we've turned off the file upload service. Let us know at emacsconf-org-private@gnu.org if you need it back to upload something!
+
+
diff --git a/roles/upload/templates/nginx-site-config b/roles/upload/templates/nginx-site-config
new file mode 100644
index 0000000..48842d1
--- /dev/null
+++ b/roles/upload/templates/nginx-site-config
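Review bot: In roles/upload/tasks/main.yml, `Make sure main configuration is enabled` gives the `/etc/nginx/sites-enabled` entry to `{{ emacsconf_user }}`, and the template task above it sets no owner, group or mode. nginx configuration is loaded by the root master process, so files in that tree are better pinned to `owner: root`, `group: root` and `mode: "0644"`, which stops an unprivileged account from influencing what gets loaded. `Reload configuration` also runs unconditionally and without a syntax check. A preceding `command: nginx -t` task, or a handler notified by the template task, would stop a bad render from sitting on disk until the next full restart. `force: no` reads more safely as `force: false`.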
@@ -0,0 +1,46 @@
+upstream upload_emacsconf {
+ server 127.0.0.1:3000;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ upload_server_name }};
+
+ include snippets/well-known-acme-challenge.conf;
+
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ upload_server_name }};
+
+ ssl_certificate /var/local/dehydrated/certs/{{ upload_server_name }}/fullchain.pem;
+ ssl_certificate_key /var/local/dehydrated/certs/{{ upload_server_name }}/privkey.pem;
+ ssl_trusted_certificate /var/local/dehydrated/certs/{{ upload_server_name }}/fullchain.pem;
+ include ssl_params.local;
+ include snippets/well-known-acme-challenge.conf;
+{% if upload_enabled %}
+ location @upload_emacsconf {
+ proxy_pass http://upload_emacsconf;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_request_buffering off; # needs nginx version >= 1.7.11
+ proxy_set_header Host $http_host;
+ }
+ location / {
+ #try_files $uri $uri/ @upload_emacsconf;
+ proxy_pass http://upload_emacsconf;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_request_buffering off; # needs nginx version >= 1.7.11
+ proxy_set_header Host $http_host;
+ }
+ {% else %}
+ root {{ upload_done_dir }};
+ {% endif %}
+}
-- cgit v1.2.3
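Review bot: Both proxied locations in the 443 server block forward `$http_host`, which is the raw client-supplied header. `proxy_set_header Host $host;` hands the backend a normalized value instead. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` would let the upload service log the real client address rather than 127.0.0.1. The named location `@upload_emacsconf` is unreachable while the `try_files` line is commented out, so either drop it or restore `try_files` to avoid two copies of the proxy settings drifting apart. No `client_max_body_size` is visible in this template; unless `ssl_params.local` or the http context sets it, nginx's 1m default will reject larger uploads.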